By Michael Pittroff, Archiving Specialist at Verisma

September 26, 2025

Health information management (HIM) professionals are the stewards of patient data – uniquely positioned at the intersection of clinical care, compliance, and system operations. Their expertise ensures medical records are managed with the highest standards of accuracy, accessibility and confidentiality.

When organizations archive legacy applications, HIM’s insights are essential to guarantee data is preserved, retrievable, and fit for future needs—from patient care to compliance audits.

Preserving Metadata, without Compromise

When HIM isn’t involved in archiving, critical elements of medical records can be lost. Preserving metadata beyond extract, transform and load (ETL) tools forcing providers to pick-and-choose which data they want to bring over during the mapping process – details like lab reference ranges, test locations, and result flags – is essential for clinical context, continuity of care, and regulatory response.

Without this vital information, organizations risk incomplete records which could impact patient safety, hinder responses to subpoenas or audits, and jeopardize compliance with professional regulations – especially important as OCR changes the definition of the designated record set.

Administrative and technical decisions made without HIM’s input may also compromise data integrity or accessibility, potentially leading to inefficiencies. Providers searching multiple systems for medical records for hours, days or weeks – rather than benefiting from a unified software platform in seconds – can delay care, frustrating staff and patients.

Supporting Complex Health Information Workflows

When HIM’s absent, projects may focus solely on IT, cost or infrastructure – prioritizing financial savings or technical feasibility over clinical or compliance requirements. This shift can lead to solutions that, while budget-friendly, might not meet all regulatory standards or support complex health information workflows.

Without HIM advocacy, organizations may not recognize the ongoing value of complete, context-rich records supporting everything from accounts receivable (AR) burndown in revenue cycle management to defending against legal challenges. Overlooking these priorities can create unintended risks and missed opportunities for value creation within the organization – reducing overhead associated with infrastructure and licensing fees.

Ensuring Integrity, Accessibility and Compliance

HIM professionals care deeply about participating in archiving decisions because these projects directly affect their core responsibilities – ensuring the integrity, accessibility and compliance of health records. HIM’s changing structure – moving under IT, compliance, revenue cycle, or access – means their voice can easily be marginalized unless they have a seat at the table.

Their involvement is crucial to safeguarding patient data, supporting clinical care, and protecting their organization from regulatory and legal risks.

Reducing Data Breaches

Legacy applications also increase the risk of data breaches because they often operate on outdated, unsupported servers lacking essential security updates and patches – making them vulnerable to attacks.

As staff retire or move on these systems can go unmonitored, with knowledge of their operation lost – leaving sensitive information exposed to accidental and malicious threats. Accessing data sometimes requires lowering security measures, and without proper audit trails or compliance with current regulations, organizations face heightened risks of unauthorized disclosures (UAD), legal penalties, and data loss.

Migrating to secure, modern platforms and involving HIM in the archiving process are vital steps to protect patient data and preserve regulatory compliance.

Influencing Leadership to Adopt Best Practices

Advocacy is essential for HIM, ensuring their expertise shapes organizational decisions about data archiving and legacy system management. By articulating the value they bring – such as preventing data loss, preserving metadata, and facilitating efficient release of information (ROI) – they can influence leadership to adopt best practices serving clinical and operational needs.

Advocacy also positions HIM as indispensable partners in broader initiatives, from cost reduction to revenue cycle optimization, demonstrating their strategic value in the evolving health data landscape.

Archiving Today to Prepare for Tomorrow

Health information professionals aren’t just “nice-to-have” participants at the archiving table. They’re critical to ensuring data integrity, compliance, and operational efficiency. HIM’s absence can lead to costly mistakes, incomplete records, and organizational risk. Their presence and advocacy empower healthcare organizations to meet today’s challenges and prepare for tomorrow’s needs – especially when faced with the next merger and acquisition (M&A) and you’re back at the table to archive, again.

Ready to revolutionize clinical data management? We’re here to help. Contact us today.

By Anupriyo Chakravarti, Chief Technology & Product Officer at Verisma

September 5, 2025

Health information departments face mounting pressure to process record requests faster, maintain compliance, and manage growing data volumes while navigating staffing shortages and budget constraints. In response, we introduced Verisma’s responsible artificial intelligence (AI) solution suite built specifically for health information management (HIM). The suite combines intelligent automation with human oversight to improve speed, quality, and regulatory compliance – without removing professionals from sensitive decisions.

We’ve developed a feature set working together to streamline intake, improve compliance, accelerate retrieval, and enhance support for requestors, all grounded in a human-in-the-loop approach keeping HIM experts in control.

In this post, we’ll take you through each of these features and share how we’re approaching them and impacting the market.

Human-in-the-Loop by Design

Many healthcare AI offerings aim to fully automate decision-making, risking errors in sensitive record handling, compliance violations, and loss of trust. At Verisma, we embed human oversight at key decision gates – intake validation, authorization checking, quality, and final release, so outcomes remain accurate, ethical and defensible.

In practice, that means:

• Flagging commingled records before release.
• Pre-populating intake data for HIM validation to compress cycle time.
• Handling routine status calls with a digital support agent, while keeping a speak-to-a-human option at every step.

One of the first impact areas we’ll dive into is improving compliance and quality.

AI-Supported Compliance and Quality

Sensitive categories (e.g., behavioral health or substance-use information) can be missed in manual workflows, leading to unauthorized disclosures (UAD). Technology Assisted Review™ – our quality assurance engine – uses AI to flag sensitive content (including state overlays and 42 CFR Part 2) and route exceptions for expert review, with auditable human approval before disclosure.

After a new lab interface was deployed by a health system we service, our Intelligent Quality Review solution detected cross-patient commingling and flagged it for human investigation, leading to remediation of the glitch in the lab interface to the electronic health record (EHR). Over 18 months, this safeguard helped prevent potential mis-release of ~200,000 records under client validation and compliance oversight.

With even more emphasis on quality, we can tackle one of the largest challenges in release of information (ROI), structuring all the requests that come through disparate channels and making them actionable, fast.

Structuring Data at Intake

Manual logging and categorization are time-consuming and error-prone, often causing misrouted requests, billing issues, and delays. Verisma Intake Intelligence extracts key fields and accurately classifies requests, improving turnaround time and significantly reducing logging time (based on client implementations).

When immediate processing is critical, such as stat or legal requests with statutory deadlines, requests route to Verisma Inbox™, where a rules engine determines urgency and logs the prioritized request into Verisma Release Manager® (VRM), always with human-in-the-loop verification. VRM is a HITRUST-certified cloud platform tracking, auditing and processing each request. It enforces Health Insurance Portability and Accountability Act (HIPAA), state laws, and provider policies; timestamps every action for discoverability; and uses smart queues to maintain SLAs.

Retrieving records across multiple health system record sources is a persistent bottleneck and the next area we’ll address.

Seamless Retrieval Across 7,000+ Connections

Verisma’s Integration Engine retrieves the right records at the right time using specialized connectors, like standard-based APIs (FHIR R4, HL7 v2), where available, and universal connectors, like monitored robotic process automation (RPA), when necessary, spanning 7,000+ connections to EHR instances and health data sources.

The platform assembles a release packet aligned to request type and documented patient authorization, then flags it for automated quality check and human approval, absorbing surge volume without incremental headcount and accelerating turnaround.

We know the last thing providers want is to manage complaints from requestors because they’re frustrated and don’t know the status of their request. Our final feature in the suite aims to elevate the requestor experience and meet their needs 24/7.

AI-Powered Requestor Support

Patients, attorneys, and other requestors want clarity without delay. Our 24/7 multilingual digital agent answers common questions, provides status updates, and escalates complex issues to staff when needed. It detects a preferred language, audits all interactions, and integrates with VRM, improving satisfaction and reducing average handling time, while always offering a speak-to-a-human option.

Success, Built on Trust

In summary, Verisma’s AI workflows are fully auditable – with immutable logs, reviewer attestations, and exception trails. Models operate within PHI-safe boundaries (encryption in transit and at rest, along with least-privilege access), undergo regular evaluation and drift monitoring, and use confidence thresholds automatically triggering human review. It’s how we pair the speed of AI with the judgment of HIM professionals safely and provide:

• Logging speed and efficiency gains via intelligent intake.
• Accelerated record retrieval with smart, scalable integration.
• Enhanced protection for 2,300+ facilities from UADs with Technology Assisted Review™.
• 24/7 multilingual support through our digital agent, with seamless escalation to people.

HIM departments need partners who understand operational realities and deliver practical innovation. With our responsible AI suite, we’re empowering professionals, protecting patient data, and shaping the future of health information, together.

By Elizabeth McElhiney, MHA, CHPS, CPHIMS, CDH-L, CRIS, CC
Director of Compliance and Government Affairs
Verisma
July 25, 2025

I wanted to take a moment to break down recent updates regarding the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule Final Rule supporting reproductive health care, also known as the 2024 Privacy Rule – applying to all organizations. 

Last month there was a judgment issued in the Purl v. Department of Health and Human Services (HHS) case giving a definitive answer whether we need to continue with the 2024 Privacy Rule and its attestation process. 

The judgment, posted June 18, has the judge vacating the vast majority, or about 90 percent, of the 2024 Privacy Rule. 

The judge only kept provisions of the 2024 Privacy Rule correlated with Section 3221 of the Coronavirus Aid, Relief, and Economic Security (CARES) Act.  If you’re an AHIMA member you probably recognize this as the Protecting Jessica Grubb’s Legacy Act, a notice of privacy practice changes for substance use disorder records. Fortunately, under existing HIPAA regulations, she was able to narrowly select the information to be released and designate an alternate address for communication to protect her privacy. However, this protection could be jeopardized by proposed legislation, including Florida’s SB 1606.

In simpler terms, we’re going back to the pre-compliance date of release of information (ROI) procedures – rewinding back to December 22, 2024 workflows. 

The Purl case was handled by a federal court, located in the Northern District of Texas, making it a national court. In the decision, the judge spent time detailing that this judgment is applicable nationally – meaning providers from Maine to Hawaii are covered by the judgment. HHS can appeal the judge’s decision until August 18. 

Several other pending cases have had stays, or administrative closure orders, issued after judgment was handed down in the Purl case. Those cases have status updates due August 25 when HHS must decide whether to appeal the judgment and the parole case by August 18 as well. 

Please speak with your organization’s legal counsel before you make any policy and procedure changes. If you have any questions we’re here to answer them, so please feel free to reach out!

By Jeannie Hennum
General Manager, Value Based Care
Verisma
June 24, 2025

My esteemed colleague and government affairs/policy guru Elizabeth McElhiney recently published a blog for providers detailing an announcement from the Centers for Medicare and Medicaid Services (CMS) regarding their initiative to rapidly administer outstanding Risk Adjustment Data Validation (RADV) audits and expand the parameters of new RADV audits by September 1.

The audits are important to the entire healthcare system – safeguarding the accuracy and integrity of health plan data, and the effort is part of the federal government’s effort to remove fraud, waste and abuse (FWA) in Medicare Advantage (MA) programs.

RADV Refresher

Because this hasn’t been an active program for eight years, let’s review.

Risk Adjustment is a CMS process that is used by health plans to determine their enrollees’ (patients, members) health status, specifically identifying any chronic conditions the patients have (or potentially will have), which in turn most likely will result in the need for additional healthcare and services. Hierarchical Condition Categories (HCC) coders review the medical records, identifying and coding the patients’ chronic conditions. The coding results are used to generate each enrollees’ Risk Adjustment Factor (RAF) score and provide the basis for reporting submissions to CMS. These results also help support care management programs for the patients. Based on the health plans’ submissions, CMS then provides additional funding needed to ensure the patients receive the necessary benefits and services promoting better health outcomes for the patients.

RADV (Risk Adjustment Data Validation) audits are generated by CMS to ensure the health plans have submitted accurate diagnosis data. RADV audits require health plans to submit the best medical record to validate the patients’ chronic conditions – basically, to provide a “receipt.” The RADV audits have short timeframes and stringent requirements. Failure to validate potentially has significant financial penalties for health plans, primarily stemming from recoupment of overpayments.

Recent changes to RADV for payment years beginning in 2018 will let CMS extrapolate to calculate the overpayment from the sample and then recoup that total amount. For instance, if the health plan has coded/submitted the “diabetes” for a patient, but they cannot provide the medical record to support this diagnosis during the RADV audit, CMS may recoup the funding back from the health plan for this patient and for all other members diagnosed with diabetes. Other penalties the health plan may face are false claims liability and exclusion from government healthcare programs.

Accurate risk adjustment is crucial for ensuring health plans receive appropriate compensation for the care of patients, promoting fairness and stability in the healthcare system.

Where It All Began

RADV audits started in 2002 with the Improper Payments Information Act (IPIA), and it has been revised numerous times. CMS is several years behind finishing these audits, and the Trump administration wants to complete all RADV audits for payment years (PY) 2018 to 2024 by early next year.

To do so, CMS is hiring 2,000 coders and deploying enhanced tech to meet the deadline. They’re also increasing the amount of medical records it will audit from 35 records per health plan to 200, and audits from 60 MA plans annually to all (approximately) 550 plans – a 900 percent increase.

RADV’s Importance

• Financial Accuracy: RADV ensures health plans are compensated accurately based on the risk profiles of enrollees, encompassing significant financial implications for health plans.
• Quality Care: Accurate data is essential for identifying high-risk individuals and ensuring they receive necessary care, helping improve health outcomes.
• Compliance: RADV audits help ensure compliance and mitigate the risk of penalties and sanctions.

Important Health Plan Considerations

• Implement robust data validation processes and regularly review and update information to prevent errors.
• Align with providers to ensure medical records are complete and accurate.
• Train staff on the importance of correct diagnosis coding and documentation to help improve data accuracy and reduce the risk of errors during RADV audits.

RADV is a crucial element of the healthcare system, ensuring CMS funding is accurate and payment is made only for documented services and diagnoses. Health plans can promote financial stability, improve quality of care, and ensure CMS regulation compliance.

Verisma has helped providers navigate accurate health information for 20+ years and we’re ready to meet the demand of these volumes for payers, too. Contact us today to discuss how we can help.

By Elizabeth McElhiney, MHA, CHPS, CPHIMS, CDH-L, CRIS, CC
Director of Government Affairs and Policy
Verisma
June 23, 2025

The Centers for Medicare and Medicaid Services (CMS) announced an initiative late last month to rapidly complete outstanding Risk Adjustment Data Validation (RADV) audits while expanding the parameters of new RADV audits by September 1. The audits ensure the accuracy and integrity of health plan data, and the effort is part of the federal government’s effort to eliminate fraud, waste and abuse (FWA) in Medicare Advantage (MA) programs – impacting providers and patients.

While you’re familiar with Medicare Risk Adjustment (MRA) reviews, it’s unlikely you’ve seen a RADV audit. So, what’s the difference?

• Annual MRA audits, issued first, are used by MA plan to determine patient risk adjustment factor (RAF) to predict healthcare costs by reviewing medical records, evaluating diagnoses, and assessing demographical information including age and gender to determine health status and provider payments. The higher the RAF, the more money CMS pays the MA plan.
• RADV audits, issued second, are for data validation to gauge if insurance companies have correctly calculated RAF scores. These audits ensure treatment leading to diagnosis in a RAF score is documented in the medical record, removing risk MA plans don’t say patients are sicker than they are. If the government finds a RAF score is calculated incorrectly or doesn’t receive records to audit, it can recoup the overpayment from the MA plan and the facility. Recent changes to the RADV program will let CMS extrapolate the overpayment amount for a health plan from the sample and then recoup that total amount. These changes are similar to how the RAC program can recoup overpayments.

Why am I just hearing about this?

RADV audits have been around since 2002’s Improper Payments Information Act (IPIA) and the program has been modified multiple times. Because CMS is several years behind completing these audits, the Trump administration wants to finish all remaining RADV audits for payment years (PY) 2018 to 2024 by early 2026.

This initiative received widespread attention because efforts to detect and eliminate FWA are high priorities for the current administration. CMS will hire approximately 2,000 coders in the upcoming months and deploy enhanced technology to meet this deadline. At the same time, CMS is increasing the number of medical records it will audit from 35 records per health plan to 200, and its audits from 60 MA plans annually to all (approximately) 550 plans – a 900 percent increase.

While your practice or organization probably sees many MA patients, the odds of encountering a large number of RADV audits has always been low. Selected records are based on MA plan participation and these patients could have been treated by any provider. The only commonality is their MA plan.

Preparing for RADV Audits

It’s important to remember RADV audits need to be returned to the health plan and not CMS. This can be confusing for new ROI specialists and health information (HI) professionals because the request packet will come with a CMS letter. HI professionals must comply with these requests quickly, ensuring records are provided to the requestor by the due date.

Preparation is key. Here are some steps healthcare providers can take:

• Maintain Accurate Records: Ensure all diagnosis data is accurately documented and updated.
• Regular Training: Provide ongoing staff training on proper documentation practices, releasing appropriate records, and RADV compliance requirements.
• Create an Action Plan: Train staff to identify RADV audits and notify management when they’re received. Examine whether you can handle additional audits with existing staff or if you will need to supplement with external resources.

RADV audits are a critical component of the healthcare system, ensuring MA payments are accurate and payment is made only for the services and diagnoses documented. By understanding the importance of these audits and taking proactive preparation steps, healthcare providers can navigate the process smoothly and maintain compliance with CMS regulations.